ASD Post-Quantum Cryptography Guidance

ActiveAustraliaGuidance

Issuer: Australian Signals Directorate(ASD)
Effective date: Sep 1, 2023
Published date: Sep 1, 2023
Full text: View full text →

Summary

The Australian Signals Directorate (ASD) advises Australian government agencies and critical infrastructure operators to plan for post-quantum cryptography migration in alignment with NSA CNSA 2.0 and NIST PQC standards. ASD recommends ML-KEM and ML-DSA for new systems and urges organisations to complete cryptographic inventories and embed cryptographic agility into procurement processes.

PKI impact

Medium riskTLS/SSLCode Signingfirmware Signing

ASD guidance aligns closely with NSA CNSA 2.0, meaning defence-adjacent Australian operators effectively inherit CNSA 2.0's urgency despite ASD's advisory framing. Government and defence system operators face implicit pressure to track CNSA 2.0 timelines for TLS/SSL infrastructure, code-signing certificates, and firmware signing keys used in defence-grade systems.

Migration hints

For defence-adjacent systems, treat ASD guidance as carrying similar urgency to NSA CNSA 2.0 and align certificate migration timelines to CNSA 2.0 milestones rather than treating ASD deadlines as purely advisory.
Complete cryptographic inventories for all ASD Essential Eight and ISM-governed systems, including TLS/SSL certificates, client authentication certificates, and firmware signing keys.
Require FIPS 203/204/205/206 support in all new government IT procurements from 2027 per ASD guidance; verify CA and HSM vendor roadmaps before procurement decisions.
For firmware signing in government systems, evaluate LMS/HSS or SLH-DSA per ASD's CNSA 2.0-aligned recommendations and assess stateful key management requirements.

Milestones (2)

Deadline	Label	Type	Hard	Notes
Jun 30, 2026	Australian government agencies: complete PQC readiness assessment	Inventory		ASD guidance recommends agencies complete cryptographic inventories and quantum risk assessments by mid-2026.
Jan 1, 2027	New government procurements: require cryptographic agility	Crypto Agility		ASD recommends cryptographic agility requirements be embedded in new government IT procurements from 2027.

Algorithm references (3)

ML-KEMFIPS 203Recommended
Replaces: RSA, ECDH
ASD recommends ML-KEM (FIPS 203) for post-quantum key encapsulation in Australian government and defence systems, aligned with NSA CNSA 2.0.
ML-DSAFIPS 204Recommended
Replaces: RSA, ECDSA
ASD recommends ML-DSA (FIPS 204) for post-quantum authentication, aligned with NSA CNSA 2.0 and NIST guidance.
SLH-DSAFIPS 205Noted
Replaces: RSA, ECDSA
SLH-DSA noted as an alternative signature scheme suitable for specific use cases such as firmware signing.

Changelog (2)

Date	Type	Description
Aug 1, 2025	Clarification	ASD updated guidance to reflect finalised NIST FIPS 206 and IR 8547, adding FN-DSA to monitored algorithms and reaffirming alignment with NSA CNSA 2.0 timelines.
Sep 1, 2023	New	ASD published post-quantum cryptography guidance for Australian government agencies and critical infrastructure, aligning with NSA CNSA 2.0 and NIST FIPS 203/204/205.

Issuer

Australian Signals DirectorateASD

Type: GOVERNMENT

Region: Australia

Visit website →